Re: [OAUTH-WG] Fwd: New Version Notification for draft-hunt-oauth-v2-user-a4c-00.txt
Anthony Nadalin <tonynad@microsoft.com> Tue, 30 July 2013 07:59 UTC
From: Anthony Nadalin <tonynad@microsoft.com>
To: Phil Hunt <phil.hunt@oracle.com>, "oauth@ietf.org WG" <oauth@ietf.org>
Date: Tue, 30 Jul 2013 07:58:18 +0000

So is the intent to provide an enterprise authentication claim? I would think that the proposal would use JWT as the token and then define the appropriate claim in the JWT.

From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Phil Hunt
Sent: Monday, July 29, 2013 1:14 AM
To: oauth@ietf.org WG
Subject: [OAUTH-WG] Fwd: New Version Notification for draft-hunt-oauth-v2-user-a4c-00.txt

FYI.

I have been noticing a substantial number of sites acting as OAuth Clients using OAuth to authenticate users.

I know several of us have blogged on the issue over the past year so I won't re-hash it here. In short, many of us recommended OIDC as the correct methodology.

Nevertheless, I've spoken with a number of service providers who indicate they are not ready to make the jump to OIDC, yet they agree there is a desire to support authentication only (whereas OIDC does IDP-like services).

This draft is intended as a minimum authentication only specification. I've tried to make it as compatible as possible with OIDC.

For now, I've just posted to keep track of the issue so we can address at the next re-chartering.

Happy to answer questions and discuss.

Phil

@independentid
www.independentid.com
phil.hunt@oracle.com

Begin forwarded message:

From: internet-drafts@ietf.org
Subject: New Version Notification for draft-hunt-oauth-v2-user-a4c-00.txt
Date: 29 July, 2013 9:49:41 AM GMT+02:00
To: Phil Hunt <phil.hunt@yahoo.com>, Phil Hunt <None@ietfa.amsl.com>, Phil Hunt <>

A new version of I-D, draft-hunt-oauth-v2-user-a4c-00.txt has been successfully submitted by Phil Hunt and posted to the IETF repository.

Filename: draft-hunt-oauth-v2-user-a4c
Revision: 00
Title: OAuth 2.0 User Authentication For Client
Creation date: 2013-07-29
Group: Individual Submission
Number of pages: 9
URL: http://www.ietf.org/internet-drafts/draft-hunt-oauth-v2-user-a4c-00.txt
Status: http://datatracker.ietf.org/doc/draft-hunt-oauth-v2-user-a4c
Htmlized: http://tools.ietf.org/html/draft-hunt-oauth-v2-user-a4c-00

Abstract:
This specification defines a new OAuth2 endpoint that enables user authentication session information to be shared with client applications.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat